CVE-2014-9772

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 36.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nodejs Node.js
Timeline
PublishedJan 23
Latest updateNov 6

Description

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

npmvalidator< 2.0.0
Ubuntuvalidator.js< 3.17.0+dfsg1-1
NVDnodejs/node.js1.8.4

🔴Vulnerability Details

4
GHSA
XSS Filter Bypass via Encoded URL in validator2018-11-06
OSV
XSS Filter Bypass via Encoded URL in validator2018-11-06
OSV
CVE-2014-9772: The validator package before 22017-01-23
CVEList
CVE-2014-9772: The validator package before 22017-01-23
CVE-2014-9772 (MEDIUM CVSS 6.1) | The validator package before 2.0.0 | cvebase.io